﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            if (Request.Cookies["Login"] != null)
            {
                txtUsername.Text = Request.Cookies["Login"]["Username"];
                txtPassword.Attributes["value"] = Request.Cookies["Login"]["Password"];
            }
            else if (Session["RegisterMessage"] != null)
            {
                CustomValidator1.ErrorMessage = Session["RegisterMessage"].ToString();
                CustomValidator1.IsValid = false;
                Session.Remove("RegisterMessage");
            }
        }
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string username = txtUsername.Text;
        string password = txtPassword.Text;
        int diaryID;
        bool isLogin = CheckLogin(username, password, out diaryID);
        if (isLogin)
        {
            Session.Add("DiaryID", diaryID);
            Session.Add("FromDate", DateTime.Now.Date);
            Session.Add("ToDate", DateTime.Now.Date.AddDays(7));
            Session.Add("Username", username);
            if (cbRemember.Checked)
            {
                HttpCookie ck = new HttpCookie("Login");
                ck.Values["Username"] = username;
                ck.Values["Password"] = password;
                ck.Expires = DateTime.Now.AddDays(30);
                Response.Cookies.Add(ck);
            }
            Response.Redirect("Default.aspx");
        }
        else
        {
            CustomValidator1.IsValid = false;
            CustomValidator1.ErrorMessage = "Login Fail";
        }
    }

    private bool CheckLogin(string username, string password, out int diaryID)
    {
        diaryID = -1;
        try
        {
            string connStr = ConfigurationManager.ConnectionStrings["connStr"].ConnectionString;
            SqlConnection conn = new SqlConnection(connStr);
            string sql = "Select DiaryID From [Diary] Where Username = @1 and Password = @2";
            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandText = sql;
            cmd.Parameters.AddWithValue("@1", username);
            cmd.Parameters.AddWithValue("@2", password);
            conn.Open();
            SqlDataReader reader = cmd.ExecuteReader();
            bool isOK = reader.HasRows;
            if (isOK)
            {
                reader.Read();
                diaryID = reader.GetInt32(0);
                reader.Close();
            }
            cmd.Dispose();
            conn.Close();
            return isOK;
        }
        catch (Exception)
        {
            return false;
        }
    }
}
